I am using 2.3.0.2. OC. When I try to edit the status of the product to "On stock" and hit save I get an error ERR_BLOCKED_BY_XSS_AUDITOR or I am redirected to the missing page. I am using Chrome. It is up to date. I tried the same in Firefox, the same thing happens.
Is it some how connected with token and API?
I tried the whole new API thing but does not work for me.. I first noticed this thing when I moved to another hosting . They are saying it is nothing to do with the server, but probably with cloudfare??
If I try to edit the item it redirects me to a broken page of mine.. my site looks like this originally..
but when I try to save the edited version it redirects me to this and saying The page doesn not exist, so it does not save it...
I would appreciate some help.
Attachments
xss_.png (73.97 KiB) Viewed 3169 times
Code: Select all
header('X-XSS-Protection:0');
Code: Select all
<filesMatch "\.(html|htm|js|css|php)$">
Header unset Content-Security-Policy
Header set X-XSS-Protection: "0"
</filesMatch>
Regards, WebDesires.
We are a team of developers in the UK - professional and friendly, message us or give us a call anytime and we will be happy to help.
Phone: +44 (0) 121 318 6336 - Web: webdesires.co.uk - Skype: WebDesires
OpenCart Support - OpenCart Web Development - Our OpenCart Plugins
Code: Select all
<filesMatch "\.(html|htm|js|css|php)$">
Header unset Content-Security-Policy
Header set X-XSS-Protection: "0"
</filesMatch>
Regards, WebDesires.
We are a team of developers in the UK - professional and friendly, message us or give us a call anytime and we will be happy to help.
Phone: +44 (0) 121 318 6336 - Web: webdesires.co.uk - Skype: WebDesires
OpenCart Support - OpenCart Web Development - Our OpenCart Plugins
PHP Warning: count(): Parameter must be an array or an object that implements Countable in /home/XXXXX/public_html/system/storage/modification/catalog/controller/product/product.php on line 789
I don't have a broken admin .. I am being redirected to a strange broken page after I am trying to edit one particular item..and it says The page is not found..webdesires wrote: ↑Wed Jun 05, 2019 6:57 pmYour server may not have the required packages or setup for this to work. However I did make a mistake with the .htaccess version, try this in your .htaccess:
Let me know if this works better or if you still get a broken admin panel.Code: Select all
<filesMatch "\.(html|htm|js|css|php)$"> Header unset Content-Security-Policy Header set X-XSS-Protection: "0" </filesMatch>
I added this to my .htaccess file.. but It does not help..
I than went to log files and I found out this error: 2019-06-10 6:47:19 - PHP Warning: count(): Parameter must be an array or an object that implements Countable in /home/xxxx/public_html/system/storage/modification/catalog/controller/product/product.php on line 789
Regards, WebDesires.
We are a team of developers in the UK - professional and friendly, message us or give us a call anytime and we will be happy to help.
Phone: +44 (0) 121 318 6336 - Web: webdesires.co.uk - Skype: WebDesires
OpenCart Support - OpenCart Web Development - Our OpenCart Plugins
See this solution: viewtopic.php?f=199&t=211540&p=754067#p754154
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
the code was not saved.. so I can not do anything..
on line 789 (/home/xxx/public_html/system/storage/modification/catalog/controller/product/product.php) is this code:
Code: Select all
if (!empty($seo_categories)) {
$data['seo_data']['breadcrumbs'][] = array(
'name' => $this->config->get('config_name'),
'href' => $this->url->link('common/home', '', 'SSL')
);
but i reversed it now.. regarding this https://www.php.net/manual/en/function.count.php
I can't use my site at all!!!
I have just received an information that I need to debug the php?? I don't know how? Could please help me or do anyone has another solution to this?
edit: Now they turned off XSS .. and it magically works..
but I l already tried to put this code in .htaccess file.. but it didn't work..
Code: Select all
<filesMatch "\.(html|htm|js|css|php)$">
Header unset Content-Security-Policy
Header set X-XSS-Protection: "0"
</filesMatch>
Have you ever tried to make a new and clean installation - e.g. in a subfolder?
And only the Shop itself, no extensions, no custom template!
And no enabled .htaccess!
And tried it then again?
With several browsers?
And disable before their installed addins!
I am sure it will work.
Otherwise thousands of OC users would have these troubles you have.
And maybe you are using a local installed firewall or/and virus scanner?
If you will have still troubles then, disable also them - temporary.
Have seen some strange results at some clients when they have used such stupid virus solutions.
Before you have not tried a new and clean installation, I am sure nobody here can you help.
Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
But stop annoying us.
Full Stack Web Developer :: Dedicated OpenCart Development & Support DACH Region
Contact for Custom Work / Fast Support.
Not a bug. This is a user configuration issue either originating from .htaccess, config.php or admin/config.php file. If you don't have the minimum skills to fix those issues, that's no problem. You can always create a new service request in the Commercial Support section of the forum to get this fixed as a custom job or you could always re-contact the hosting provider and request to fix this issue.
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
When you see these types of messages, it simply means that you need to switch web hosting service since it does not require to remove a firewall and leave you on your own to protect your domain to use Opencart. Not a bug.ideep13 wrote: ↑Sat Jun 22, 2019 5:28 pmthis error escalated so far that interfered checkout process as well.. I contacted the hosting provider and he says that they totally disabled firewall for all my sites.. and I need to take care of the security and protection of the sites on my own from now on.. what does he mean? is my site now vulnerable 24/7? my site runs through cloudfare, I have changed admin folder.. i have 2.3.0.2. opencart.. do i need to update the opencart to the latest version so I can get rid of this error?
Dedication and passion goes to those who are able to push and merge a project.
Regards,
Straightlight
Programmer / Opencart Tester
Users browsing this forum: No registered users and 103 guests